A computer or other processing system generally comprises a processor and a number of peripherals. The processor and its associated peripherals may be discrete system components, or may be combined into a single integrated circuit. The latter type of arrangement is also referred to as a system on a chip (SOC). The peripherals may be implemented, by way of example, as dedicated pieces of hardware that are configured to perform specified tasks at the request of the processor. These peripherals are typically controlled by software running on the processor. Particular portions of this software, referred to herein as software agents, write configuration information to the peripherals specifying details of the requested tasks.
Certain processor architectures allow the processor to operate in a secure mode. When operating in the secure mode, the processor is generally able to access all peripherals or other system resources without restriction. The secure operating mode is typically reserved for use by a limited set of high privilege software agents that run on the processor and have been previously verified and proven trustworthy and correct. Low privilege or unprivileged software agents are also permitted to run on the processor, but cannot use the secure operating mode. These unverified software agents are instead run in a non-secure mode. Limiting the use of the secure operating mode to a small subset of the software agents reduces the costs associated with software program code verification, while also ensuring that unverified software agents cannot undermine the security of the overall system.
A problem that arises in conventional processing systems of the type described above is that system elements other than the processor often have access to secure information within the processing system. For example, peripherals may obtain access to secure information in the course of performing various tasks at the request of the processor, such as tasks associated with direct memory access (DMA), encryption and interrupt control. Although the processor that requested performance of the tasks may itself be operating in a secure mode, the corresponding peripherals may not have a secure operating mode. As a result, the security of the system may be vulnerable to attack through non-secure software agents that have access to the same peripherals that perform tasks for secure software agents.